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Claims 

1. Method for managing certificates in a certificate authority in a system having at 
least a first plurality of certificate authorities, comprising at least the step of 

5 

generating at least two certificate revocation lists of a first type, 

each of said at least two certificate revocation lists of a first type not indicating a 
revoked status of any certificate authority in said at least a first plurality of 
10 certificate authorities, 

said at least two certificate revocation lists of a first type having at least partially 
consecutive validity periods, 

15 where the beginning of the validity period of at least one of said at least two 
certificate revocation lists of a first type is a future point of time. 

2. Method according to claim 1, comprising at least the steps of 

20 

publishing said certificate revocation lists of a first type one at a time, each 
essentially at the time of the beginning of the validity period of that particular 
certificate revocation list. 

25 

3. Method according to claim 1 , comprising at least the steps of 

checking regarding each of certificate authorities listed in said certification 
revocation lists of a first type if the security of each of certificate authorities has 
30 been breached or not; 

and if the security of none of said certificate authorities has been breached, 
pubhshing one of said certificate revocation lists of a first type. 



35 



30/09/2083 18:29 +358-20-500-7390 



SSH LEGAL 



SIVU 



13 

4. Method according to claim 1, comprising at least the steps of 

generating at least two certificate revocation lists of a second type, 

5 each of said at least two certificate revocation lists of a second type indicating a 
revoked status of at least one certificate authority in said at least a first plurality of 
certificate authorities, 

said at least two certificate revocation lists of a second type having at least 
10 partially consecutive validity periods, 

where the beginning of the validity period of at least one of said at least two 
certificate revocation lists of a second type is a future point of time. 

15 

5. Method according to claim 4, comprising at least the steps of 

checking regarding each of certificate authorities in said at least a first plurality of 
certificate authorities if the security of each of certificate authorities has been 
20 breached or not; 

and if the security of none of said certificate authorities has been breached, 
publishing one of said certificate revocation lists of a first type, 

25 and if the security of at least one of said certificate authorities has been breached, 
publishing one of said certificate revocation lists of a second type. 

6. Method according to claim 4, comprising at least the steps of 

30 

generating for each certificate authority in said at least a first plurality of 
certificate authorities if the security of each of certificate a series of certificate 
revocation lists which indicate a revoked status of said certificate authority. 

35 7. Method according to claim 1 , comprising at least the steps of 
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generating at least two certificate revocation lists of a third type, 

each of said at least two certificate revocation lists of a third type indicating a 
temporarily suspended status of at least one certificate authority in said at least a 
5 first plurality of certificate authorities, 

said at least two certificate revocation lists of a third type having at least partially 
consecutive validity periods, 

10 where the beginning of the validity period of at least one of said at least two 
certificate revocation lists of a third type is a future point of time. 



8. System for a certificate authority having means for generating certificate 
15 revocation lists, comprising at least 

means for generating sequences of certificate revocation lists of a first type having 
at least partially consecutive validity periods, the beginning of the validity period 
of at least one of said revocation lists of a first type being a future point of time 
20 relative to the time of generating a sequence of certificate revocation lists, 

said certificate revocation lists of a first type indicating no revocation for a 
predefined group of certificate authorities. 

25 

9. System according to claim 8, further comprising at least means for publishing 
said certificate revocation lists of a first type one at a time, each essentially at the 
time of the beginning of the validity period of that particular certificate revocation 
list. 

30 

10. System according to claim 8, comprising at least 

means for generating sequences of certificate revocation lists of a second type 
35 having at least partially consecutive validity periods, the beginning of the validity 
period of at least one of said revocation lists of a second type being a future point 
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of time relative to the time of generating a sequence of certificate revocation lists, 
and 

means for generating an indication of a revoked status of at least one certificate 
5 authority in said predefined group of certificate authorities in each certificate 
revocation list generated by said means for generating sequences of certificate 
revocation lists of a second type. 

10 11. System according to claim 10, comprising at least 

means for checking regarding each of certificate authorities in said predefined 
group of certificate authorities if the security of each of said certificate authorities 
has been breached or not; 

15 

means for publishing one of said certificate revocation lists of a first type if the 
security of none of said certificate authorities has been breached, and 

means for publishing one of said certificate revocation lists of a second type if the 
20 security of at least one of said certificate authorities has been breached. 



12. Computer program product for a certificate authority having computer code 
means for generating certificate revocation lists, comprising at least 

25 

computer program code means for generating sequences of certificate revocation 
lists of a first type having at least partially consecutive validity periods, the 
beginning of the validity period of at least one of said revocation lists of a first 
type being a future point of time relative to the time of generating a sequence of 
30 certificate revocation lists, 

said certificate revocation lists of a first type indicating no revocation for a 
predefined group of certificate authorities. 
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13. Computer program product according to claim 12, comprising at least 
computer program code means for publishing said certificate revocation lists of a 
first type one at a time, each essentially at the time of the beginning of the validity 
period of that particular certificate revocation list. 

5 

14. Computer program product according to claim 12, comprising at least 

computer program code means for generating sequences of certificate revocation 
10 lists of a second type having at least partially consecutive validity periods, the 
beginning of the validity period of at least one of said revocation lists of a second 
type being a future point of time relative to the time of generating a sequence of 
certificate revocation lists, and 

15 computer program code means for generating an indication of a revoked status of 
at least one certificate authority in said predefined group of certificate authorities 
in each certificate revocation list generated by said means for generating 
sequences of certificate revocation lists of a second type. 

20 

15. Computer program product according to claim 14, comprising at least 

computer program code means for checking regarding each of certificate 
authorities in said predefined group of certificate authorities if the security of each 
25 of said certificate authorities has been breached or not; 

computer program code means for publishing one of said certificate revocation 
lists of a first type if the security of none of said certificate authorities has been 
breached, and 

30 

computer program code means for publishing one of said certificate revocation 
lists of a second type if the security of at least one of said certificate authorities has 
been breached. 



35 



